net: dccp: fix sign bug
authorKulikov Vasiliy <segooon@gmail.com>
Sat, 17 Jul 2010 05:21:00 +0000 (05:21 +0000)
committerDavid S. Miller <davem@davemloft.net>
Sun, 18 Jul 2010 22:07:14 +0000 (15:07 -0700)
'gap' is unsigned, so this code is wrong:

    gap = -new_head;
    ...
    if (gap > 0) { ... }

Make 'gap' signed.

The semantic patch that finds this problem (many false-positive results):
(http://coccinelle.lip6.fr/)

// <smpl>
@ r1 @
identifier f;
@@
int f(...) { ... }

@@
identifier r1.f;
type T;
unsigned T x;
@@

*x = f(...)
 ...
*x > 0

Signed-off-by: Kulikov Vasiliy <segooon@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/dccp/ackvec.c

index 2abddee..92a6fcb 100644 (file)
@@ -201,7 +201,7 @@ static inline int dccp_ackvec_set_buf_head_state(struct dccp_ackvec *av,
                                                 const unsigned int packets,
                                                 const unsigned char state)
 {
-       unsigned int gap;
+       long gap;
        long new_head;
 
        if (av->av_vec_len + packets > DCCP_MAX_ACKVEC_LEN)